Since early 2021 researchers have observed multiple attack campaigns by state-sponsored advanced persistent threat (APT) groups aimed at journalists and the media organizations they work for. The attacks targeted their work emails and social media accounts and often followed journalists' coverage of stories that painted certain regimes in a bad light or were timed to sensitive political events in the U.S.

Journalists have always been an appealing target for spies due to the access they have to sensitive information and the trust that organizations and individuals generally place in them, which is why it's imperative for members of the media to undergo online security training and be aware of the techniques used by state-linked hackers.

"The media sector and those that work within it can open doors that others cannot," researchers from Proofpoint said in a new report that documents recent attack campaigns against journalists by APT groups linked to China, North Korea, Iran and Turkey. "A well-timed, successful attack on a journalist’s email account could provide insights into sensitive, budding stories and source identification. A compromised account could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere."

From tracking pixels to malware

Due to their highly targeted nature, reconnaissance plays a big role in APT attacks, as hackers need to know as much information about a potential victim as possible to craft believable lures. Often this includes validating someone's email address and the likelihood of them opening a future malicious message.

Attackers often achieve this by embedding pixel-sized images hosted on web servers they control into benign email messages. These are known as tracking pixels or web beacons and are triggered when an email is read sending back to the attackers the target's external IP address, user-agent string, which helps them identify their operating system and email client and, more important, validation that the targeted email account is active and the owner reads their emails.

journalists

Between January and February 2021, Proofpoint researchers observed a Chinese APT group tracked as TA412 or Zirconium targeting U.S.-based journalists using such reconnaissance emails with web beacons. The emails used recent news headlines as subject and included text copied from legitimate articles.

Capitol building on January 6, the campaign intensified and focused on Washington DC and White House correspondents.

After several months of break, the same group launched another reconnaissance campaign in August 2021 focused on journalists who covered cybersecurity, surveillance and privacy stories that painted China and the Chinese government in an unfavorable light. Yet another wave of emails directed at journalists happened in February 2022 and based on the email topics, it was focused on those who reported about the EU and U.S.

While the detected campaigns by TA412 were only focused on reconnaissance, it's likely that they were followed by attempts to compromise the selected targets with malware either by email or in other ways.

An example of that is an attack campaign targeting journalists launched in April by a different Chinese APT tracked as TA459. That attack came from a possibly compromised Pakistani government email address and had a malicious RTF attachment that deployed a backdoor program called Chinoxy.